What’s happening in this nondescript building in Shanghai?

Mandiant released a much-anticipated report Tuesday morning, offering the most detailed look to date inside the Chinese People Liberation Army’s direct involvement in hacking into American government and corporate websites. The PLA Unit 61398 is identified by the report as the most prolific hacking group inside the Chinese government. Dedicated to infiltrating English-language sites, the unit recruits English-language proficient speakers and experts in computer security, but otherwise scrubs any mention of its organization from Chinese-language websites. Operating out of a 12-story, 130,663 square foot facility in the Pudong New Area sector of Shanghai, its building is able to contain as many as 2,000 personnel. Special high capacity fiber-optics were installed by China Telecom when the building was constructed in 2007 and the outfit utilizes over 1,000 servers. In this three-year investigation, Mandiant documented Unit 61398 hacking into 141 companies (including 115 in the U.S.) across 20 industries, and stealing many terabytes of compressed data in sustained attacks averaging 356 days. The longest persistent attack documented by Mandiant lasted 4 years and 10 months. The largest recorded theft was 6.5 terabytes from a single company over 10 months. These attacks were just a small number of the total conducted by Unit 61398 and were conducted by individual hackers with online personas such as “Ugly Gorilla”

This has been going on for many years now, and so many of the details appear to be in the public domain. Wonder what we’re doing about it.

Leave a Reply